Disabling SSL3 won't impact the vast majority of websites, and has to be done because it's widely exploited right now (Poodle). I have only found 1 website since disabling it that wouldn't load correctly, and that will be fixed eventually and it's a non-essential website. The good news is, anyone with a UTM or Enterprise Router is blocking SSL3 exploits already anyway. All of the major companies have already released IPS updates to watch for this. (Fortinet, ZyXEL, etc.)

I'm not sure what to make of that. In my limited understanding of the phenomenon it is only really likely to be a problem on public access WiFi. I am probably wrong though.

Click to expand...

Yes, public (unencrypted) WiFi is more vulnerable as it makes the MITM component easier. In any case it makes sense to disable SSL 3.0 in favor of more secure TLS. That's easy to do in Internet Explorer and Firefox, and on the off chance that it breaks something you can revert back.

Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.

These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges.

Yes, public (unencrypted) WiFi is more vulnerable as it makes the MITM component easier. In any case it makes sense to disable SSL 3.0 in favor of more secure TLS. That's easy to do in Internet Explorer and Firefox, and on the off chance that it breaks something you can revert back.

Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.

These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges.

Today we are thrilled to release Maxthon Version 4.4.3.4000.
Changelog for 4.4.3.4000[2014-12-11]Fixes:
*Problem with filling in forms under Retro mode
* problem with updating program
*Quick Access update problem